
Pests of all kinds and how to fight them: TR/ATRAPS.Gen2 infection - is reinstalling the system necessary?

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

26.04.2013, 08:15   #1
Jupp84
 
TR/ATRAPS.Gen2 infection - is reinstalling the system necessary?



Hello everyone,
I have been following this forum for some time now and am really amazed at how professionally most problems are handled. So far I have usually managed to get problems with viruses / trojans etc. more or less under control myself, but this TR/ATRAPS.Gen2 seems to be a pretty serious case.

I am quite a layman in this area, but I have read several times that with an infection like this only reinstalling the system helps. I would like to avoid that as far as possible, since I have absolutely no time for it at the moment. So I would be endlessly grateful if you could offer me an alternative solution in this case.

I guess I picked up the trojan through that security hole in Adobe / Flash, because after an update a few months ago I had increasingly frequent problems with the PC (e.g. redirects on Google, blocked websites, crashes, host process being terminated, etc.). Avira's real-time scanner permanently shows me this detection, to the point that it no longer works properly. Malwarebytes also lists just one file as infected; I can quarantine it, delete it and restart the PC, without success.

I do not have any major performance problems with my PC, actually everything runs quite normally, but understandably I would still like to get rid of this trojan, especially since I have also been doing online banking on this PC so far.

I have attached a current Malwarebytes log; as I said, I would be very happy if my system can be saved without a complete reinstall.

Best regards
Jupp

26.04.2013, 08:57   #2
Psychotic
/// Malware Team
 
TR/ATRAPS.Gen2 infection - is reinstalling the system necessary?





My name is Marius and I will help you with your problem.

One thing first:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

Should you decide on a clean-up, keep working along until someone from the team tells you that your computer is clean.

A clean-up can involve quite a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, that can lead to serious problems!
  5. Do not install or uninstall any software during the clean-up (unless you are asked to).
  6. If anything is unclear: ask before you do something "blind"!

    ...and very important:

  7. Post the logfiles with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes it harder for me to evaluate them.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Step 1: defogger


Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click, "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt for a restart. Confirm this with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without instruction.




Step 2: OTL



Please download OTL by Oldtimer and save it to your desktop (if not already there)
  • Double-click OTL.exe
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.




Step 3: Scan with MBAR



Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Do not click the CleanUp button
The tool will create a logfile (mbar-log-<Year-Month-Day>.txt) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper

26.04.2013, 11:01   #3
Jupp84
 
TR/ATRAPS.Gen2 infection - is reinstalling the system necessary?



Hello Marius!
First of all, thank you very much for the quick help. I can imagine that formatting is the faster way, but restoring my system to the status quo afterwards would cost me infinitely more time. So I hope it works this way too.

Here, first of all, the two logs from OTL:
OTL Logfile:
Code:
OTL logfile created on: 26.04.2013 11:45:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,70% Memory free
8,17 Gb Paging File | 6,62 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,27 Gb Total Space | 2,53 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 416,48 Gb Total Space | 38,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()
MOD - D:\Programme\Rainlendar2\lfs.dll ()
MOD - D:\Programme\Rainlendar2\lua51.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "87.98.136.60"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]
 
[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions
[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions
[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe
O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell\AutoRun\command - "" = B:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira
[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.25 22:26:39 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.25 22:26:39 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Siup
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Nuyt
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Ertu
[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe
[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 11:48:24 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.26 11:48:24 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 11:48:24 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 11:48:24 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 11:48:24 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 11:42:16 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:42:16 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable
[2013.04.25 23:03:01 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.04.23 21:27:31 | 000,036,352 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable
[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel
[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties
[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat
[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.21 10:24:55 | 000,036,352 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@
[2013.04.19 21:53:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L
[2013.04.26 08:56:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U
[2013.04.26 11:42:12 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\00000004.@
[2013.04.04 17:25:43 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000004.@
[2013.04.23 17:21:36 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000008.@
[2013.04.26 08:56:07 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\000000cb.@
[2013.04.04 17:25:43 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000000.@
[2013.04.26 07:55:21 | 000,090,624 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@
[2013.04.26 07:59:21 | 000,077,312 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000064.@
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.04.26 11:42:12 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.04.26 11:42:12 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2013 11:45:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,70% Memory free
8,17 Gb Paging File | 6,62 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,27 Gb Total Space | 2,53 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 416,48 Gb Total Space | 38,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 2A E4 C4 4A 6F BA CC 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon iP3300 Benutzerregistrierung" = Canon iP3300 Benutzerregistrierung
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Earth 2140" = Earth 2140
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Freecorder5.1" = Freecorder 5
"InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MechWarrior 3" = MechWarrior 3
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Mp3tag" = Mp3tag v2.49
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OCCT" = OCCT 4.1.1
"Rainlendar2" = Rainlendar2 (remove only)
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Sudeki_is1" = Sudeki
"Tomb Raider_is1" = Tomb Raider
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2013 03:56:59 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.03.2013 02:03:27 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.03.2013 17:11:08 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.03.2013 04:38:27 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.03.2013 09:51:45 | Computer Name = Jupp-PC | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.6.3.3235, time stamp 0x4fec7b3e, faulting module MSVCR90.dll, version 9.0.30729.6161, time stamp 0x4dace5b9, exception code 0xc0000005, fault offset 0x0003b36a, process ID 0xcbc, application start time 01ce288fe8fe25d6.
 
Error - 24.03.2013 09:51:47 | Computer Name = Jupp-PC | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.6.3.3235, time stamp 0x4fec7b3e, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000005, fault offset 0x0002ab6e, process ID 0xcbc, application start time 01ce288fe8fe25d6.
 
Error - 24.03.2013 18:07:22 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.03.2013 02:14:29 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 02:41:33 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 03:54:49 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 12:25:32 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 16.11.2011 11:08:05 | Computer Name = Jupp-PC | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D  Process: DefaultDomain Object name: Media Center Guide

 
[ System Events ]
Error - 26.04.2013 02:53:17 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.04.2013 02:53:17 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---


I'm running Malwarebytes now and will post the results later.

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jupp :: JUPP-PC [administrator]

26.04.2013 12:11:23
mbar-log-2013-04-26 (12-11-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 43106
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (shell32.dll) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (fastprox.dll) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot.

Folders Detected: 8
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U (Backdoor.0Access) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 19
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000008.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\6715e287 (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot.

(end)
         
__________________
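The "ZeroAccess Check" block in the OTL log and the MBAR hits (Backdoor.0Access, Trojan.Siredef.C, Rootkit.0Access) describe one footprint: a GUID-named payload store under C:\Windows\Installer and in each SID folder of $Recycle.Bin, with U\ and L\ subfolders and files named "@" or "<8 hex>.@"; hidden+system Desktop.ini files dropped into assembly\GAC_32 and GAC_64; and the (default) value of two CLSID InProcServer32 keys redirected from shell32.dll / fastprox.dll to a file called "n." inside that store. The script below is an added example for this page, not code from the thread, from OTL or from Malwarebytes. It parses lines in the OTL format shown above and flags those three indicators. The regular expressions for the line shapes are an assumption drawn from this log alone; the sample text is copied from the posted log, with the legitimate shell32.dll CLSID entry and the legitimate C:\Windows\assembly\Desktop.ini included so that clean entries are seen to pass.

```python
"""Flag ZeroAccess (Sirefef) indicators in OTL-style log lines.

Added example, not part of the thread. It only understands the OTL line
shapes visible in the posted log and only reads; it cleans nothing.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One OTL file/folder entry: [date time | size | attrs | M|C] (Company) -- path
# (folder entries carry no "(Company)" part). Format assumed from the log above.
FILE_LINE = re.compile(
    r'^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [MC]\] '
    r'(?:\([^)]*\) )?-- (?P<path>.+?)\s*$'
)
# A registry key header and the default value ("") printed beneath it.
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]')
DEFAULT_VALUE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*)?\s*$')
INPROC_KEY = re.compile(r'\\clsid\\\{[0-9a-f-]{36}\}\\InProcServer32$', re.I)

# Payload store: a GUID folder under \Windows\Installer, or a $<32 hex> folder
# in a SID's $Recycle.Bin, holding U\ and L\ subfolders and '@' / '<8 hex>.@' files.
STORE_ROOT = re.compile(
    r'\\(?:Windows\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}'
    r'|\$Recycle\.Bin\\S-1-5-(?:18|21(?:-\d+){4})\\\$[0-9a-f]{32})(?=\\|$)',
    re.I,
)
# Hidden+system Desktop.ini dropped into the GAC folders. The Desktop.ini directly
# in \Windows\assembly is a normal Windows file and is deliberately not matched.
GAC_INI = re.compile(r'\\Windows\\assembly\\GAC_(?:32|64)\\Desktop\.ini$', re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # payload_store | gac_desktop_ini | com_hijack
    path: str
    detail: str


def in_payload_store(path: str) -> bool:
    """True for the store root, its U/L subfolders and the payload files in them."""
    m = STORE_ROOT.search(path)
    if not m:
        return False
    rest = path[m.end():].lstrip('\\')
    return (rest in ('', 'U', 'L', '@', 'n.')
            or rest.startswith(('U\\', 'L\\'))
            or rest.endswith('.@'))


def scan_otl(text: str) -> list:
    """Walk OTL lines and return one Finding per indicator, in log order."""
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_LINE.match(line)
        if km:                                   # remember which key we are under
            current_key = km.group('key')
            continue
        vm = DEFAULT_VALUE.match(line)
        if vm:
            target = vm.group('path')
            # A COM server whose (default) value points into $Recycle.Bin instead
            # of a system DLL is the ZeroAccess CLSID hijack.
            if current_key and INPROC_KEY.search(current_key) and (
                    '$recycle.bin' in target.lower() or in_payload_store(target)):
                findings.append(Finding('com_hijack', target,
                                        'InProcServer32 of ' + current_key))
            continue
        fm = FILE_LINE.match(line)
        if not fm:
            continue
        path, attr = fm.group('path'), fm.group('attr')
        if in_payload_store(path):
            findings.append(Finding('payload_store', path, 'ZeroAccess store layout'))
        elif GAC_INI.search(path) and 'H' in attr and 'S' in attr:
            findings.append(Finding('gac_desktop_ini', path,
                                    'hidden+system Desktop.ini in GAC (' + attr + ')'))
    return findings


def summarize(findings) -> dict:
    """Count findings per indicator kind."""
    return dict(Counter(f.kind for f in findings))


# Sample lines copied from the OTL "ZeroAccess Check" block posted above, plus the
# legitimate shell32.dll CLSID entry and assembly\Desktop.ini as clean controls.
SAMPLE_OTL = r'''
[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@
[2013.04.19 21:53:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L
[2013.04.26 07:55:21 | 000,090,624 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.04.26 11:42:12 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.04.26 11:42:12 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.
'''

if __name__ == '__main__':
    for f in scan_otl(SAMPLE_OTL):
        print(f'{f.kind:16} {f.path}   [{f.detail}]')
    print(summarize(scan_otl(SAMPLE_OTL)))
```

Against a saved OTL.txt the call is scan_otl(open('OTL.txt', encoding='utf-8', errors='replace').read()). Anything it reports is an indicator to hand to the helper, not something to delete by hand; as the thread shows, removal of the hidden store and the hijacked CLSIDs is left to MBAR or a fix script.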

Alt 26.04.2013, 11:18   #4
Psychotic
/// Malwareteam
 
Quote:
-> Delete on reboot.
You were explicitly told not to click Cleanup!

Run MBAR once more and post me the log file.
Also create a new OTL log.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I can only be reached on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

Alt 26.04.2013, 11:34   #5
Jupp84
 
Sorry, but "Delete on reboot" still shows up for me after the second run too. I haven't clicked anything else yet, just opened the log file. I'm also fairly sure I didn't click Cleanup the first time:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jupp :: JUPP-PC [administrator]

26.04.2013 12:32:14
mbar-log-2013-04-26 (12-32-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 43092
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (shell32.dll) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (fastprox.dll) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot.

Folders Detected: 8
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U (Backdoor.0Access) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 19
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000008.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\6715e287 (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot.

(end)

26.04.2013, 11:36   #6
Psychotic
/// Malwareteam



Ah, okay!

Then have MBAR remove the findings now, reboot, and post me the log file it creates!

26.04.2013, 13:04   #7
Jupp84



OK, now Avira has at least stopped fussing, and in my opinion the logfile looks a bit better too...
What I just noticed: on my second partition (D:, where I also saved Malwarebytes), several folders have now been created that weren't there before ("RECYCLE.BIN", "msdownld.tmp", "MSOCache", "System Volume Information"). I have no access to some of these folders. Is that normal?
Here is the current logfile:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jupp :: JUPP-PC [administrator]

26.04.2013 13:16:03
mbar-log-2013-04-26 (13-16-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 43002
Time elapsed: 16 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
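Posts #4 to #7 turn on what the MBAR log's "Delete on reboot" lines mean and on comparing the log before and after the removal run. The following Python is an added example, not code from Malwarebytes or from this thread: it parses the MBAR log format shown above (including the registry data lines with their Bad:/Good: part) and reports what a second run shows as removed, still present, or new; the two embedded logs are constructed, shortened copies of the posted ones.

```python
"""Parse Malwarebytes Anti-Rootkit (MBAR) text logs and compare two runs.
Added example for this thread, not Malwarebytes' or the forum's code; the
embedded logs are constructed, shortened copies of the two logs posted above."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
HEAD_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\)$")  # "<object> (<family>)"


@dataclass(frozen=True)
class Finding:
    section: str  # "Files", "Registry Data Items", ...
    obj: str      # path, registry key or registry value
    family: str   # scanner label, e.g. "Rootkit.0Access.S"
    action: str   # e.g. "Delete on reboot"


def parse_detection(section, line):
    """One detection line -> Finding; None for headers, blanks and "(end)".

    Registry data items carry "-> Bad: (...) Good: (...)" before the action,
    so the action is whatever follows the last " -> ". HEAD_RE is greedy on
    the object, so a path containing "(x86)" still parses correctly.
    """
    head, sep, action = line.rpartition(" -> ")
    if not sep or not action.endswith("."):
        return None
    m = HEAD_RE.match(head.split(" -> ", 1)[0])  # drop the Bad/Good part
    return Finding(section, m["obj"], m["family"], action[:-1]) if m else None


def parse_mbar_log(text):
    """Return (findings, declared); declared maps section -> count in its header."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
        elif section:
            f = parse_detection(section, line)
            if f:
                findings.append(f)
    return findings, declared


def pending_reboot(findings):
    """Items MBAR has only scheduled for removal; they survive until the reboot."""
    return [f for f in findings if f.action == "Delete on reboot"]


def diff_runs(before, after):
    """(removed, remaining, new) between two scans. Keys are compared
    case-insensitively: the second log above repeats the CLSID key in upper case."""
    key = lambda f: (f.section, f.obj.lower())
    b = {key(f): f for f in before}
    a = {key(f): f for f in after}
    removed = [f for k, f in b.items() if k not in a]
    remaining = [f for k, f in a.items() if k in b]
    new = [f for k, f in a.items() if k not in b]
    return removed, remaining, new


# Raw strings: the hijacked InProcServer32 path ends in "\n.", a literal
# backslash-n that must not turn into a newline. Constructed excerpts.
LOG_BEFORE = r"""
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (fastprox.dll) -> Delete on reboot.

Folders Detected: 1
c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 2
c:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

(end)
"""

LOG_AFTER = r"""
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    before, _ = parse_mbar_log(LOG_BEFORE)
    after, _ = parse_mbar_log(LOG_AFTER)
    removed, remaining, new = diff_runs(before, after)
    print(f"removed={len(removed)} remaining={len(remaining)} new={len(new)}")
    print("still pending reboot:", [f.obj for f in pending_reboot(after)])
```

To run it against the full logs in the thread, read the two mbar-log files from disk in place of the embedded excerpts.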
         

26.04.2013, 13:26   #8
Psychotic
/// Malwareteam



Exactly!

Remove this finding as well.
As soon as MBAR no longer detects anything, create and post a new OTL log!

26.04.2013, 14:12   #9
Jupp84



Malwarebytes no longer finds any Trojans; here are my current OTL logs:
Code:
OTL logfile created on: 26.04.2013 15:00:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,13% Memory free
8,22 Gb Paging File | 6,43 Gb Available in Paging File | 78,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,27 Gb Total Space | 3,26 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive D: | 416,48 Gb Total Space | 38,72 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - D:\Programme\Last.fm\Last.fm Scrobbler.exe (Last.fm)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winamp.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_milk2.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_avs.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_nsfs.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\tagz.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winampa.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_pmp.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_wifi.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_ipod.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ombrowser.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_android.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_ds.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_wire.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_usb.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_transcode.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_wave.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_disk.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_rg.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_activesync.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_p4s.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_njb.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\playlist.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_local.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_disc.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_plg.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp3.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_midi.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mod.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wm.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_online.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_cdda.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_playlists.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_nsv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_vorbis.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_undo.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_downloads.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_history.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_devices.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_tray.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_autotag.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wav.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_dshow.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wave.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flac.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_impex.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_bookmarks.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp4.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_avi.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_enqplay.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mkv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_orb.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_nowplaying.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_addons.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_swf.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_linein.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\burnlib.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex_original.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_classicart.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ff.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ml.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_play_remove.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\dsp_sps.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_skinmanager.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_hotkeys.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\auth.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_timerestore.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_nopro.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_orgler.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_crasher.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_fhgaac.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wma.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_lame.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_find_on_disk.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wav.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_vorbis.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_flac.lng ()
MOD - D:\Programme\Last.fm\listener.dll ()
MOD - D:\Programme\Last.fm\unicorn.dll ()
MOD - D:\Programme\Last.fm\logger.dll ()
MOD - D:\Programme\Last.fm\lastfm.dll ()
MOD - D:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll ()
MOD - D:\Programme\Last.fm\phonon.dll ()
MOD - D:\Programme\Last.fm\libvlccore.dll ()
MOD - D:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - D:\Programme\Last.fm\libvlc.dll ()
MOD - D:\Programme\Winamp\System\jnetlib.w5s ()
MOD - D:\Programme\Winamp\System\jpeg.w5s ()
MOD - D:\Programme\Winamp\System\xml.w5s ()
MOD - D:\Programme\Winamp\System\png.w5s ()
MOD - D:\Programme\Winamp\System\playlist.w5s ()
MOD - D:\Programme\Winamp\tataki.dll ()
MOD - D:\Programme\Winamp\zlib.dll ()
MOD - D:\Programme\Winamp\System\timer.w5s ()
MOD - D:\Programme\Winamp\System\tagz.w5s ()
MOD - D:\Programme\Winamp\System\primo.w5s ()
MOD - D:\Programme\Winamp\Plugins\in_wm.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_local.dll ()
MOD - D:\Programme\Winamp\Plugins\in_vorbis.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_devices.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_pmp.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_disc.dll ()
MOD - D:\Programme\Winamp\System\auth.w5s ()
MOD - D:\Programme\Winamp\Plugins\pmp_ipod.dll ()
MOD - D:\Programme\Winamp\Plugins\unrar.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_online.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_p4s.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_wifi.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_playlists.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_plg.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_android.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_impex.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_usb.dll ()
MOD - D:\Programme\Winamp\Plugins\out_ds.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_history.dll ()
MOD - D:\Programme\Winamp\System\devices.w5s ()
MOD - D:\Programme\Winamp\Plugins\ml_rg.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_transcode.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_bookmarks.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_autotag.dll ()
MOD - D:\Programme\Winamp\Plugins\in_swf.dll ()
MOD - D:\Programme\Winamp\System\albumart.w5s ()
MOD - D:\Programme\Winamp\Plugins\out_disk.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_njb.dll ()
MOD - D:\Programme\Winamp\System\gif.w5s ()
MOD - D:\Programme\Winamp\System\bmp.w5s ()
MOD - D:\Programme\Winamp\Plugins\out_wave.dll ()
MOD - D:\Programme\Winamp\Plugins\in_wave.dll ()
MOD - D:\Programme\Winamp\System\dlmgr.w5s ()
MOD - D:\Programme\Winamp\System\gracenote.w5s ()
MOD - D:\Programme\Winamp\System\filereader.w5s ()
MOD - D:\Programme\Winamp\Plugins\gen_ff.dll ()
MOD - D:\Programme\Winamp\nsutil.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_ml.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mp3.dll ()
MOD - D:\Programme\Winamp\libsndfile.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_jumpex.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mod.dll ()
MOD - D:\Programme\Winamp\Plugins\in_midi.dll ()
MOD - D:\Programme\Winamp\Plugins\in_cdda.dll ()
MOD - D:\Programme\Winamp\nde.dll ()
MOD - D:\Programme\Winamp\Plugins\in_nsv.dll ()
MOD - D:\Programme\Winamp\Plugins\in_dshow.dll ()
MOD - D:\Programme\Winamp\Plugins\in_avi.dll ()
MOD - D:\Programme\Winamp\Plugins\in_flac.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_orgler.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mp4.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mkv.dll ()
MOD - D:\Programme\Winamp\Plugins\in_flv.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_hotkeys.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_tray.dll ()
MOD - D:\Programme\Winamp\Plugins\in_linein.dll ()
MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()
MOD - D:\Programme\Rainlendar2\lfs.dll ()
MOD - D:\Programme\Rainlendar2\lua51.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "87.98.136.60"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]
 
[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions
[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions
[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe
O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell\AutoRun\command - "" = B:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira
[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.25 22:26:39 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.25 22:26:39 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Siup
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Nuyt
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Ertu
[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe
[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 12:56:20 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.26 12:56:20 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 12:56:20 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 12:56:20 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 12:56:20 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 12:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable
[2013.04.25 23:03:01 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.04.23 21:27:31 | 000,036,352 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable
[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel
[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties
[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat
[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.21 10:24:55 | 000,036,352 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysWOW64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL logfile created on: 26.04.2013 15:00:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,13% Memory free
8,22 Gb Paging File | 6,43 Gb Available in Paging File | 78,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,27 Gb Total Space | 3,26 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive D: | 416,48 Gb Total Space | 38,72 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - D:\Programme\Last.fm\Last.fm Scrobbler.exe (Last.fm)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winamp.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_milk2.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_avs.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_nsfs.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\tagz.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winampa.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_pmp.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_wifi.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_ipod.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ombrowser.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_android.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_ds.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_wire.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_usb.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_transcode.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_wave.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_disk.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_rg.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_activesync.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_p4s.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_njb.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\playlist.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_local.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_disc.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_plg.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp3.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_midi.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mod.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wm.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_online.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_cdda.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_playlists.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_nsv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_vorbis.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_undo.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_downloads.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_history.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_devices.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_tray.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_autotag.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wav.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_dshow.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wave.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flac.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_impex.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_bookmarks.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp4.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_avi.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_enqplay.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mkv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_orb.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_nowplaying.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_addons.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_swf.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_linein.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flv.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\burnlib.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex_original.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_classicart.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ff.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ml.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_play_remove.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\dsp_sps.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_skinmanager.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_hotkeys.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\auth.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_timerestore.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_nopro.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_orgler.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_crasher.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_fhgaac.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wma.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_lame.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_find_on_disk.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wav.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_vorbis.lng ()
MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_flac.lng ()
MOD - D:\Programme\Last.fm\listener.dll ()
MOD - D:\Programme\Last.fm\unicorn.dll ()
MOD - D:\Programme\Last.fm\logger.dll ()
MOD - D:\Programme\Last.fm\lastfm.dll ()
MOD - D:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll ()
MOD - D:\Programme\Last.fm\phonon.dll ()
MOD - D:\Programme\Last.fm\libvlccore.dll ()
MOD - D:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - D:\Programme\Last.fm\libvlc.dll ()
MOD - D:\Programme\Winamp\System\jnetlib.w5s ()
MOD - D:\Programme\Winamp\System\jpeg.w5s ()
MOD - D:\Programme\Winamp\System\xml.w5s ()
MOD - D:\Programme\Winamp\System\png.w5s ()
MOD - D:\Programme\Winamp\System\playlist.w5s ()
MOD - D:\Programme\Winamp\tataki.dll ()
MOD - D:\Programme\Winamp\zlib.dll ()
MOD - D:\Programme\Winamp\System\timer.w5s ()
MOD - D:\Programme\Winamp\System\tagz.w5s ()
MOD - D:\Programme\Winamp\System\primo.w5s ()
MOD - D:\Programme\Winamp\Plugins\in_wm.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_local.dll ()
MOD - D:\Programme\Winamp\Plugins\in_vorbis.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_devices.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_pmp.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_disc.dll ()
MOD - D:\Programme\Winamp\System\auth.w5s ()
MOD - D:\Programme\Winamp\Plugins\pmp_ipod.dll ()
MOD - D:\Programme\Winamp\Plugins\unrar.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_online.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_p4s.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_wifi.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_playlists.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_plg.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_android.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_impex.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_usb.dll ()
MOD - D:\Programme\Winamp\Plugins\out_ds.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_history.dll ()
MOD - D:\Programme\Winamp\System\devices.w5s ()
MOD - D:\Programme\Winamp\Plugins\ml_rg.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_transcode.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_bookmarks.dll ()
MOD - D:\Programme\Winamp\Plugins\ml_autotag.dll ()
MOD - D:\Programme\Winamp\Plugins\in_swf.dll ()
MOD - D:\Programme\Winamp\System\albumart.w5s ()
MOD - D:\Programme\Winamp\Plugins\out_disk.dll ()
MOD - D:\Programme\Winamp\Plugins\pmp_njb.dll ()
MOD - D:\Programme\Winamp\System\gif.w5s ()
MOD - D:\Programme\Winamp\System\bmp.w5s ()
MOD - D:\Programme\Winamp\Plugins\out_wave.dll ()
MOD - D:\Programme\Winamp\Plugins\in_wave.dll ()
MOD - D:\Programme\Winamp\System\dlmgr.w5s ()
MOD - D:\Programme\Winamp\System\gracenote.w5s ()
MOD - D:\Programme\Winamp\System\filereader.w5s ()
MOD - D:\Programme\Winamp\Plugins\gen_ff.dll ()
MOD - D:\Programme\Winamp\nsutil.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_ml.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mp3.dll ()
MOD - D:\Programme\Winamp\libsndfile.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_jumpex.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mod.dll ()
MOD - D:\Programme\Winamp\Plugins\in_midi.dll ()
MOD - D:\Programme\Winamp\Plugins\in_cdda.dll ()
MOD - D:\Programme\Winamp\nde.dll ()
MOD - D:\Programme\Winamp\Plugins\in_nsv.dll ()
MOD - D:\Programme\Winamp\Plugins\in_dshow.dll ()
MOD - D:\Programme\Winamp\Plugins\in_avi.dll ()
MOD - D:\Programme\Winamp\Plugins\in_flac.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_orgler.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mp4.dll ()
MOD - D:\Programme\Winamp\Plugins\in_mkv.dll ()
MOD - D:\Programme\Winamp\Plugins\in_flv.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_hotkeys.dll ()
MOD - D:\Programme\Winamp\Plugins\gen_tray.dll ()
MOD - D:\Programme\Winamp\Plugins\in_linein.dll ()
MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()
MOD - D:\Programme\Rainlendar2\lfs.dll ()
MOD - D:\Programme\Rainlendar2\lua51.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "87.98.136.60"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]
 
[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions
[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions
[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe
O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell\AutoRun\command - "" = B:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira
[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.25 22:26:39 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.25 22:26:39 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Siup
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Nuyt
[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Ertu
[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe
[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 12:56:20 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.26 12:56:20 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 12:56:20 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 12:56:20 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 12:56:20 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 12:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable
[2013.04.25 23:03:01 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.04.23 21:27:31 | 000,036,352 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable
[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel
[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties
[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat
[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.21 10:24:55 | 000,036,352 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysWOW64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
So can I assume now that the problem is fixed? Do these system folders on my second partition have to stay?
And could you perhaps also tell me what exactly happened and how I can prevent something like this in the future?
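As an added example that is not part of the thread, of OTL or of any tool mentioned here, the following Python helper walks lines in the OTL log format posted above (the O4, O33, "File not found" and ZeroAccess-check key shapes) and lists the entries a log reader checks first. The sample log is constructed from the line formats in the thread, and the list of script-host names is this example's own assumption.

```python
"""Triage helper for lines in an OTL (OldTimer's List-It) log.

Added example; not part of the forum post, of OTL, or of any tool
mentioned in the thread.  It scans the line shapes that occur in the
log above and collects the entries a log reader usually checks first:
  * O4 Run/RunOnce entries whose target is a shell or script host
  * O33 MountPoints2 AutoRun commands (autorun from removable media)
  * entries OTL marks "File not found" (dangling plugin/BHO references)
  * ZeroAccess-check CLSID InProcServer32 keys under HKEY_CURRENT_USER,
    where a per-user override of a system CLSID would be unexpected
The flagged entries are leads for a human reviewer, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Binaries that are legitimate on their own but unusual as a bare Run/
# RunOnce target; this list is the example's assumption, not OTL's.
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe", "powershell.exe"}

# Constructed sample: a few lines in the OTL format shown in the thread.
SAMPLE_LOG = r"""
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun
O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
""".lstrip("\n")

# O4 - HKLM..\RunOnce: [Z1] C:\...\cmd.exe (Microsoft Corporation)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] '
    r'(?P<path>.+?)(?: \((?P<vendor>[^)]*)\))?$')
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = I:\Setup.exe
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+)$')
# any entry whose referenced file OTL could not find on disk
NOT_FOUND_RE = re.compile(r'(?P<path>[A-Za-z]:\\.*?) File not found$')
# [HKEY_CURRENT_USER\Software\Classes\clsid\{...}\InProcServer32] /64
HKCU_CLSID_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\Software\\Classes\\(?:Wow6432node\\)?clsid\\'
    r'(?P<clsid>\{[0-9a-fA-F-]+\})\\InProcServer32\]')


@dataclass(frozen=True)
class Finding:
    kind: str      # category of the lead
    line_no: int   # 1-based line number in the log
    detail: str    # path, command or key that triggered it


def triage_otl(text: str) -> list[Finding]:
    """Return the leads found in an OTL log, in log order."""
    findings: list[Finding] = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if m := NOT_FOUND_RE.search(line):
            findings.append(Finding("dangling_reference", no, m["path"]))
        elif m := O4_RE.match(line):
            # compare only the executable name, case-insensitively
            exe = m["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if exe in SCRIPT_HOSTS:
                findings.append(Finding(
                    "autostart_script_host", no,
                    f'{m["key"]} [{m["name"]}] {m["path"]}'))
        elif m := O33_RE.match(line):
            findings.append(Finding("removable_autorun", no, m["cmd"]))
        elif m := HKCU_CLSID_RE.match(line):
            findings.append(Finding("hkcu_clsid_override", no, m["clsid"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count leads per category, for a quick overview of a long log."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.kind:<22} {f.detail}")
    print(summarize(triage_otl(SAMPLE_LOG)))
```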

Old 28.04.2013, 13:26   #10
Psychotic
/// Malwareteam

TR/ATRAPS.Gen2 infection - is a reinstall of the system necessary? - Standard



The system folders have to stay and are normally hidden; we'll clear that up later!

Looks quite good - let's check everything once more!


Step 1: Full MBAM scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click on Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click on Show Results.
  • Make sure all findings are checked and press Remove Selected.
  • Post the logfile that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".



Step 2: ESET



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click on Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click on Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click on Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

Old 28.04.2013, 22:23   #11
Jupp84



Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.28.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jupp :: JUPP-PC [Administrator]

28.04.2013 20:23:07
MBAM-log-2013-04-28 (21-48-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 498750
Laufzeit: 1 Stunde(n), 23 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Ende)
         
ESET is still running and will probably take quite a while... I'll let it run through tonight.

Code:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam	Win64/Patched.A trojan
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam	Win64/Patched.A trojan
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam	Win64/Patched.A trojan
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam	Win64/Patched.A trojan
         
A Trojan in Malwarebytes?

Old 29.04.2013, 08:49   #12
Psychotic
/// Malwareteam



Hm... either a false positive or ZeroAccess has modified the files...

Virustotal



Please have the file from the code box checked at Virustotal.
  • Click on Browse
  • Now copy the following into the search bar.
    Code:
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam
             
  • and click on Open.
  • Click on Send File.
Please wait until the file has been fully uploaded. Should you get the following message:
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status: Finished is shown. Copy the link from your address bar and post it here. Repeat the same steps with the following files.
Code:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam
         

Old 29.04.2013, 09:01   #13
Jupp84



https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222187/

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222273/

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222367/

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222442/

Old 29.04.2013, 09:15   #14
Psychotic
/// Malwareteam



Unbelievable, this rootkit is starting to get seriously on my nerves...


Step 1: Fix with OTL

  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
:FILES
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam
:COMMANDS
[EMPTYTEMP]
         
  • Now please close all programs.
  • Now please click on the Fix button.
  • OTL may request a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    ( Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread



Step 2: adwcleaner


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its content with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).




Step 3: New OTL log


  • Double-click OTL.exe
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click on Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

Old 29.04.2013, 09:40   #15
Jupp84



When I enter the command in OTL and click on "fix", it leads to a system crash with a bluescreen :-(
